CVE-2022-38757 ZENworks
CVE-2022-38757

7.2HIGH

Key Information:

Vendor: Micro Focus
Status: Zenworks Configuration Management (zcm); Zenworks Asset Management; Zenworks Endpoint Security Management (zesm); Zenworks Patch Management (zpm)
Vendor: CVE Published:; 23 December 2022

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2022-38757?

A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.

Affected Version(s)

ZENworks Asset Management ZENworks 2020

ZENworks Configuration Management (ZCM) ZENworks 2020

ZENworks Endpoint Security Management (ZESM) ZENworks 2020

References

https://portal.microfocus.com/s/article/KM000012895?langu...

https://kmviewer.saas.microfocus.com/#/PH_206719

https://kmviewer.saas.microfocus.com/#/PH_206720

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 23, 2022
Vulnerability Reserved
Aug 25, 2022